Hello readers, and welcome to the first article I've written and the first in this series. In this series we will be reverse engineering a basic, old Windows Minesweeper binary and creating custom patches for whatever functionality we want.
There are many reasons I'm starting this series. Besides having fun, it is meant to be a well documented, easy introduction to reverse engineering binaries as a whole, and much of this knowledge carries over to other topics.
As reverse engineering is fairly complex in general, we will need a couple of things to get started, such as:
For this series, we will use a simple Windows Minesweeper binary (found here). We will look through and investigate the program's various pieces of functionality, and then apply patches to make it do what we want.
There are many awesome and incredibly useful programs out there for reverse engineering, but in this tutorial we will be using Ghidra, a very useful and popular tool developed by the NSA. It is free, and is seen by many as a strong competitor to IDA Pro, another extensive (paid) tool. You can download it here.
Cheat Engine is useful for many things, mainly the dynamic side that static analysis in Ghidra doesn't give you. With Cheat Engine you can attach to the running game: if you think some code is doing something, you can test it with breakpoints and inspect what certain variables hold at that moment, or you can watch particular addresses and how their values change throughout execution. You can find it here.
This applies to many things. Having a solid understanding of how the program is actually functioning greatly helps readability and flow when working on it.
For starters, you should have a basic understanding of Assembly, as well as coding in general. The more experience you have with coding and Assembly the better off you will be, but to get started all you need is a basic understanding of syntax and the common operations (such as mov or jmp in Assembly, or how a C++ project is structured).
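To make the word "patch" concrete before the series gets to Ghidra, here is an added example of what a binary patch boils down to at the byte level. This is illustrative code written for this page, not code from the series or from Minesweeper: the 10-byte fragment is constructed by hand to look like a `test eax, eax` / `jz` / `mov eax, 1` / `ret` sequence, and the tiny interpreter exists only so the effect of each patch can be observed without a real binary. The instruction encodings (`74` for `jz rel8`, `EB` for `jmp rel8`, `90` for `nop`) are the real 32-bit x86 ones.

```python
# Added example (not from the series): the mechanics of a byte-level patch.
# CONSTRUCTED_CODE is a hand-built fragment that reads as:
#   85 C0          test eax, eax
#   74 05          jz   +5        ; skip the next 5-byte instruction if eax == 0
#   B8 01 00 00 00 mov  eax, 1
#   C3             ret
CONSTRUCTED_CODE = bytes.fromhex("85c0 7405 b801000000 c3")

# Real x86 encodings for the instructions the example touches.
JZ_REL8 = 0x74
JMP_REL8 = 0xEB
NOP = 0x90


def patch_applies(data: bytes, offset: int, expected: bytes) -> bool:
    """True if the bytes at `offset` are exactly what the patch expects to find."""
    return data[offset:offset + len(expected)] == expected


def patch_bytes(data: bytes, offset: int, expected: bytes, replacement: bytes) -> bytes:
    """Return a copy of `data` with `replacement` written at `offset`.

    Two checks a careful patcher always makes:
    - the bytes currently at `offset` must equal `expected`, so a patch is never
      applied to the wrong place (for example a different build of the binary);
    - the replacement must have the same length, so nothing after it shifts.
    Note: in a real PE the offset used here is the *file* offset, which is not
    the virtual address a disassembler shows; that conversion is up to the caller.
    """
    if len(replacement) != len(expected):
        raise ValueError("patch must keep the instruction length unchanged")
    if not patch_applies(data, offset, expected):
        actual = data[offset:offset + len(expected)]
        raise ValueError(f"bytes at {offset:#x} are {actual.hex()}, expected {expected.hex()}")
    out = bytearray(data)
    out[offset:offset + len(replacement)] = replacement
    return bytes(out)


def never_take_jump(data: bytes, offset: int) -> bytes:
    """Replace a 2-byte `jz rel8` at `offset` with two NOPs: the jump is never taken."""
    rel8 = data[offset + 1]
    return patch_bytes(data, offset, bytes([JZ_REL8, rel8]), bytes([NOP, NOP]))


def always_take_jump(data: bytes, offset: int) -> bytes:
    """Turn `jz rel8` into `jmp rel8`: same length, same target, always taken."""
    rel8 = data[offset + 1]
    return patch_bytes(data, offset, bytes([JZ_REL8, rel8]), bytes([JMP_REL8, rel8]))


def emulate_fragment(code: bytes, eax: int) -> int:
    """Interpret only the handful of instructions used in CONSTRUCTED_CODE and
    return the value of eax at `ret`, so each patch's effect can be observed."""
    ip = 0
    zf = False
    while ip < len(code):
        op = code[ip]
        if op == 0x85 and code[ip + 1] == 0xC0:            # test eax, eax
            zf = (eax == 0)
            ip += 2
        elif op == JZ_REL8:                                 # jz rel8 (signed displacement)
            rel = int.from_bytes(code[ip + 1:ip + 2], "little", signed=True)
            ip += 2
            if zf:
                ip += rel
        elif op == JMP_REL8:                                # jmp rel8
            rel = int.from_bytes(code[ip + 1:ip + 2], "little", signed=True)
            ip += 2 + rel
        elif op == NOP:                                     # nop
            ip += 1
        elif op == 0xB8:                                    # mov eax, imm32
            eax = int.from_bytes(code[ip + 1:ip + 5], "little")
            ip += 5
        elif op == 0xC3:                                    # ret
            return eax
        else:
            raise ValueError(f"unsupported opcode {op:#x} at {ip:#x}")
    return eax


if __name__ == "__main__":
    jz_offset = 2
    print("original, eax=0 :", emulate_fragment(CONSTRUCTED_CODE, 0))
    print("original, eax=7 :", emulate_fragment(CONSTRUCTED_CODE, 7))
    print("nop'd jz, eax=0 :", emulate_fragment(never_take_jump(CONSTRUCTED_CODE, jz_offset), 0))
    print("jmp'd jz, eax=7 :", emulate_fragment(always_take_jump(CONSTRUCTED_CODE, jz_offset), 7))
```

The two patches are the two most common edits you will make to a conditional branch: NOP it out so the code after it always runs, or promote it to an unconditional `jmp` so the code after it never runs. Both keep the instruction length identical, which is why they can be applied in place without re-laying out the rest of the function.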
There are many great places on the web to learn either coding or Assembly, but some good places to look further into are:
Reverse engineering is an exciting and challenging topic, with many possibilities. In this series we are only scratching the surface by patching a simple binary, but there is much more for you to learn and do.
In the next article, we will be installing Ghidra, and getting it up and running to start our project.
Thanks for reading, merrittlj